(1) Field of the Invention
The present invention relates to a host-terminal emulation program, a relay program, a host-terminal emulation method, a communication program, a communication method and a client computer. More particularly, the invention relates to a host-terminal emulation program, relay program and host-terminal emulation method allowing communication between a host and a terminal via a gateway, as well as to a communication program, communication method and client computer for communicating with a server by means of a protocol which follows a communication procedure such that the server responds to a request from a client side.
(2) Description of the Related Art
Conventional schemes for computer networks include a method in which a terminal device (hereinafter merely referred to as terminal) interactively accesses a host computer (hereinafter merely referred to as host) that processes data in a centralized fashion. Interactive access is a form of access wherein a terminal logs in to the host with the use of a predetermined account, and a command corresponding to an input operation is entered into the host or the output data from the host is displayed at the terminal. A system like this is called a host-centralized processing system.
In such a host-centralized processing system, the host processes data in a centralized manner while the terminal does not perform complicated data processing. The terminal may therefore have only the function of transmitting the content of input operation to the host and the function of displaying information received from the host. Dumb terminals have hitherto been used widely as such terminals.
Recently, the client-server system has come to be widely used as a computer network. The client-server system is a system wherein computers which can also function as stand-alone machines, such as workstations or personal computers, are interconnected to constitute a network.
The spread of the client-server system has permitted each user to use his/her own workstation or personal computer that functions as a client computer (hereinafter merely referred to as client). However, there still exist transactions suited to the conventional host-centralized processing; therefore, in some cases, a host-centralized processing system and a client-server system are both constructed on the same network.
To cope with such a situation, a technique has become popular in recent years wherein each client is given a terminal function by application software and makes use of the host by means of the terminal function. A system like this is hereinafter called a host linkage processing system.
Currently, communication for host linkage processing is implemented using an Internet/intranet protocol such as the TN (Telnet) protocol (conforming to the TN3270 standard (RFC 1646), the TN3270E standard (RFC 1647), etc.). Also, there has been proposed a technique for connecting a client system and a server system through a persistent TCP/IP socket connection and connecting the server system and a legacy host system through a similarly persistent TCP/IP socket connection (PCT-based Japanese Patent Publication No. 2001-509286). Both of these techniques enable host linkage processing.
Basically, a client accesses the host via a LAN (Local Area Network), but a technique of using a telephone line or the like to link the client with the host at a remote place is also generally used.
Also, because of recent popularization of the Internet, techniques have been established to link a client with a host via the Internet or to link a client with a remote host by means of TCP/IP (Transmission Control Protocol/Internet Protocol) or an application protocol that works on TCP/IP. Availability of the host function via the Internet serves to further the convenience of the host-centralized processing system.
However, network communications through the Internet/intranet are associated with security problems. The following four security problems of the Internet/intranet can be listed:
(1) The network is susceptible to network attacks (illegal communication aiming at a computer within a protected network) such as illegal access.
(2) The network admits of impersonation (act of accessing the network by an impersonating originator).
(3) The network admits of eavesdropping on communication data (act of illegally acquiring and reading the contents of communication data addressed to another person).
(4) The network admits of falsification of communication data (act of illegally rewriting the contents of communication data addressed to another person).
It is virtually impossible to completely prevent the above illegal acts on the Internet/intranet infrastructure. Accordingly, measures need to be taken so that no damage may be caused by the illegal acts. In the case of an intranet, the number of malicious third parties is presumably small compared with the case of the Internet; however, no one can guarantee that there is no malicious third party, and thus the degree of risk to an intranet should be regarded as equivalent to that to the Internet.
Various solutions to the security problems have been devised, and in general, measures mentioned below are taken.
(1) Network attacks such as illegal access can be coped with by restricting the protocols that can pass through the network. Specifically, it is difficult to cope with all possible attacks while allowing the passage of all protocols, and such an attempt also leads to enormous costs. Accordingly, a firewall or the like is used to restrict the protocols to be monitored, or the port numbers of TCP/IP connections, to the smallest possible number (e.g. only HTTP (HyperText Transfer Protocol) and POP (Post Office Protocol)/SMTP (Simple Mail Transfer Protocol)). This limits the targets requiring attention to a narrow range, making it possible to improve security.
(2) Impersonation can be coped with by authenticating originators. Specifically, whether the connected party is truly the intended person or not is checked by using a password etc. This prevents communication with a person impersonating another.
(3) Eavesdropping on communication data can be coped with by encrypting the data. Once communication data is encrypted, its content is incomprehensible to a third party. Thus, even if one eavesdrops on such data, the content of the data remains unknown to the eavesdropper.
(4) Falsification of communication data can be coped with by detecting traces of falsification in every item of received data. By detecting falsification of received data, it is possible to prevent falsified data, if received, from being used mistakenly. Where falsified data is received, the sender is requested to transmit the data again until correct data is received, whereby correct data can be acquired.
In cases where host linkage processing is carried out through the Internet or intranet, however, another security problem that cannot be solved by the conventional techniques arises for the reason stated below.
Generally, the TN protocol used for host linkage processing is blocked by a firewall in order to counter network attacks such as illegal access. Namely, in Internet/intranet environments in which no host linkage processing is performed, a TN connection cannot be established across the communication restrictions imposed by a firewall.
However, in order to permit host linkage communications through the Internet or intranet, it is necessary that the restriction on TN protocol communication imposed by a firewall be removed. This makes it possible to perform host linkage communications by means of the TN protocol via a firewall, but at the same time creates a dangerous security hole.
If host linkage processing can be executed by means of HTTP protocol that can pass through the firewall, then the reliability of security can be maintained without lifting the restrictions on TN protocol communication. However, host linkage communication by means of HTTP protocol is associated with the following technical problem.
Specifically, a host-centralized processing system requires that asynchronous bidirectional communication should be carried out between a host terminal and the host. This means that also in the case where host linkage processing is executed through the Internet or intranet, bidirectional communication that occurs at random timing needs to be processed.
However, the HTTP protocol used for the communication between an HTTP client and a Web server follows such a procedure that it is always the Web server that responds to a request from the client side. Thus, as far as the procedure is used in the ordinary way, it is not possible to transmit communication data generated by the host at random timing to the client side. Accordingly, a novel technique is needed which enables asynchronous bidirectional communication by means of a protocol following such a procedure that the server responds to a request from the client side.
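The constraint described above can be made concrete with a small simulation. This is an added illustration, not part of the patent text and not the patent's own relay design: a hypothetical gateway-side relay (assumed names `Relay`, `host_output`, `handle_request`) receives host output at arbitrary times but, because the channel to the client is request/response, can only hand it over when the client next sends a request. The host screens and tick values are constructed sample data.

```python
import queue
from dataclasses import dataclass, field
from typing import List, Optional, Tuple

@dataclass
class Relay:
    """Hypothetical relay between a TN-speaking host and an HTTP-only client.

    The relay is an assumption for illustration, not the patent's design. It
    queues host output; nothing can be pushed to the client between requests.
    """
    to_client: "queue.Queue[Tuple[int, bytes]]" = field(default_factory=queue.Queue)
    to_host: "queue.Queue[bytes]" = field(default_factory=queue.Queue)
    delays: List[int] = field(default_factory=list)  # ticks each screen waited

    def host_output(self, tick: int, data: bytes) -> None:
        # The host emits data at random timing; the relay can only buffer it.
        self.to_client.put((tick, data))

    def handle_request(self, tick: int, client_input: Optional[bytes]) -> List[bytes]:
        # One request/response round trip initiated by the client side.
        if client_input is not None:
            self.to_host.put(client_input)      # client -> host direction is easy
        delivered: List[bytes] = []
        while not self.to_client.empty():       # drain everything queued so far
            queued_at, data = self.to_client.get()
            self.delays.append(tick - queued_at)
            delivered.append(data)
        return delivered

def simulate() -> dict:
    """Constructed scenario: host output arrives before and between requests."""
    r = Relay()
    r.host_output(1, b"READY")                   # waits 4 ticks for a request
    r.host_output(3, b"ENTER USERID:")           # waits 2 ticks
    first = r.handle_request(5, None)            # both screens arrive together
    second = r.handle_request(6, b"user1")       # nothing queued: empty response
    r.host_output(7, b"PASSWORD:")               # host answers at its own pace
    third = r.handle_request(9, None)            # delivered only on the next poll
    return {"first": first, "second": second, "third": third,
            "max_delay": max(r.delays), "to_host": list(r.to_host.queue)}
```

The empty second response and the non-zero delays show why ordinary request/response usage cannot carry host-originated data at the moment it is generated.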
If a persistent connection is used to connect an HTTP client and a Web server as disclosed in PCT-based Japanese Patent Publication No. 2001-509286, a malicious third party is given sufficient time to analyze the connection to the host, resulting in a lowering of the security of the system which must be protected by the firewall.